Staples confirmed on Friday a data breach that may have affected more than 1 million cards.
An in-house investigation detected malware at some point-of-sale systems at 115 locations, the company said in a press release. Staples has more than 1,400 U.S. retail stores.
About 1.16 million cards may have been affected, the release said.
The office supply retailer said it is offering free identity protection services, including identity theft insurance and credit monitoring, to customers who used a card to pay at any of the affected stores between August 10 to Sept. 16, or between July 20 to Sept. 16 of this year, depending on the location.
Read MoreProtecting banks from cyberattacks